...
parent
20c9f1ae56
commit
7ada2aba08
112
12/2.txt
@ -0,0 +1,112 @@
|
|||||||
|
Przed (cat /proc/interrupts):
|
||||||
|
CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7
|
||||||
|
0: 8 0 0 0 0 0 0 0 IR-IO-APIC 2-edge timer
|
||||||
|
1: 0 15 0 0 0 0 0 0 IR-IO-APIC 1-edge i8042
|
||||||
|
8: 0 0 1 0 0 0 0 0 IR-IO-APIC 8-edge rtc0
|
||||||
|
9: 0 1135 0 0 0 0 0 0 IR-IO-APIC 9-fasteoi acpi
|
||||||
|
12: 0 0 0 0 0 0 0 533 IR-IO-APIC 12-edge i8042
|
||||||
|
14: 0 0 0 0 0 0 0 0 IR-IO-APIC 14-fasteoi INT34BB:00
|
||||||
|
120: 0 0 0 0 0 0 0 0 DMAR-MSI 0-edge dmar0
|
||||||
|
121: 0 0 0 0 0 0 0 0 DMAR-MSI 1-edge dmar1
|
||||||
|
122: 0 0 0 0 0 0 0 0 IR-PCI-MSI 458752-edge PCIe PME, aerdrv, pcie-dpc
|
||||||
|
123: 0 0 0 0 0 0 0 0 IR-PCI-MSI 475136-edge PCIe PME, aerdrv, pcie-dpc
|
||||||
|
124: 0 0 0 0 0 0 0 0 IR-PCI-MSI 479232-edge PCIe PME, aerdrv, pcie-dpc
|
||||||
|
125: 0 0 0 0 0 0 0 0 IR-PCI-MSI 483328-edge PCIe PME, aerdrv, pcie-dpc
|
||||||
|
126: 0 0 51459 351139 0 649 28976 34018 IR-PCI-MSI 327680-edge xhci_hcd
|
||||||
|
127: 0 0 0 0 18 0 0 0 IR-PCI-MSI 1048576-edge rtsx_pci
|
||||||
|
128: 0 0 0 0 0 0 0 0 IR-PCI-MSI 2097152-edge enp4s0
|
||||||
|
129: 0 0 1 0 0 23 0 0 IR-PCI-MSI 3670016-edge nvme0q0
|
||||||
|
130: 92394 0 0 0 0 0 0 0 IR-PCI-MSI 3670017-edge nvme0q1
|
||||||
|
131: 0 100550 0 0 0 0 0 0 IR-PCI-MSI 3670018-edge nvme0q2
|
||||||
|
132: 0 0 107055 0 0 0 0 0 IR-PCI-MSI 3670019-edge nvme0q3
|
||||||
|
133: 0 0 0 85280 0 0 0 0 IR-PCI-MSI 3670020-edge nvme0q4
|
||||||
|
134: 0 0 0 0 95656 0 0 0 IR-PCI-MSI 3670021-edge nvme0q5
|
||||||
|
135: 0 0 0 0 0 99021 0 0 IR-PCI-MSI 3670022-edge nvme0q6
|
||||||
|
136: 0 0 0 0 0 0 103995 0 IR-PCI-MSI 3670023-edge nvme0q7
|
||||||
|
137: 0 0 0 0 0 0 0 119472 IR-PCI-MSI 3670024-edge nvme0q8
|
||||||
|
138: 0 0 0 0 0 0 39 0 IR-PCI-MSI 360448-edge mei_me
|
||||||
|
139: 0 0 0 0 289984 0 0 373 IR-PCI-MSI 2621440-edge iwlwifi: default queue
|
||||||
|
140: 20 0 0 2503 11 158 22236 28085 IR-PCI-MSI 2621441-edge iwlwifi: queue 1
|
||||||
|
141: 20 19 0 157 327 799 32399 10535 IR-PCI-MSI 2621442-edge iwlwifi: queue 2
|
||||||
|
142: 0 4 436 1079 51 0 3384 24154 IR-PCI-MSI 2621443-edge iwlwifi: queue 3
|
||||||
|
143: 0 2 48 192 141 0 1588 18215 IR-PCI-MSI 2621444-edge iwlwifi: queue 4
|
||||||
|
144: 0 0 0 0 0 33 0 0 IR-PCI-MSI 2621445-edge iwlwifi: exception
|
||||||
|
145: 239 0 0 2802 1189 2012240 0 0 IR-PCI-MSI 32768-edge i915
|
||||||
|
146: 0 0 0 0 0 0 1284 0 IR-PCI-MSI 514048-edge snd_hda_intel:card0
|
||||||
|
NMI: 149 142 144 142 142 139 139 140 Non-maskable interrupts
|
||||||
|
LOC: 6369058 4847385 4761528 4736468 4743145 5073217 4758252 4776585 Local timer interrupts
|
||||||
|
SPU: 0 0 0 0 0 0 0 0 Spurious interrupts
|
||||||
|
PMI: 149 142 144 142 142 139 139 140 Performance monitoring interrupts
|
||||||
|
IWI: 109 60 122 593 122 116564 143 141 IRQ work interrupts
|
||||||
|
RTR: 0 0 0 0 0 0 0 0 APIC ICR read retries
|
||||||
|
RES: 829540 590855 336373 233901 183781 163458 154817 144969 Rescheduling interrupts
|
||||||
|
CAL: 342418 335169 339471 340453 334637 334367 333269 333615 Function call interrupts
|
||||||
|
TLB: 519704 551340 538778 543580 546748 540570 540980 539574 TLB shootdowns
|
||||||
|
TRM: 42135 42135 42135 42135 42135 42135 42135 42135 Thermal event interrupts
|
||||||
|
THR: 0 0 0 0 0 0 0 0 Threshold APIC interrupts
|
||||||
|
DFR: 0 0 0 0 0 0 0 0 Deferred Error APIC interrupts
|
||||||
|
MCE: 0 0 0 0 0 0 0 0 Machine check exceptions
|
||||||
|
MCP: 80 81 81 81 81 81 81 81 Machine check polls
|
||||||
|
ERR: 0
|
||||||
|
MIS: 0
|
||||||
|
PIN: 0 0 0 0 0 0 0 0 Posted-interrupt notification event
|
||||||
|
NPI: 0 0 0 0 0 0 0 0 Nested posted-interrupt event
|
||||||
|
PIW: 0 0 0 0 0 0 0 0 Posted-interrupt wakeup event
|
||||||
|
|
||||||
|
Potem zrobiłem:
|
||||||
|
ping 12 (i przerwałem po jakimś czasie)
|
||||||
|
|
||||||
|
Potem mam taki wynik (cat /proc/interrupts):
|
||||||
|
CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7
|
||||||
|
0: 8 0 0 0 0 0 0 0 IR-IO-APIC 2-edge timer
|
||||||
|
1: 0 15 0 0 0 0 0 0 IR-IO-APIC 1-edge i8042
|
||||||
|
8: 0 0 1 0 0 0 0 0 IR-IO-APIC 8-edge rtc0
|
||||||
|
9: 0 1137 0 0 0 0 0 0 IR-IO-APIC 9-fasteoi acpi
|
||||||
|
12: 0 0 0 0 0 0 0 533 IR-IO-APIC 12-edge i8042
|
||||||
|
14: 0 0 0 0 0 0 0 0 IR-IO-APIC 14-fasteoi INT34BB:00
|
||||||
|
120: 0 0 0 0 0 0 0 0 DMAR-MSI 0-edge dmar0
|
||||||
|
121: 0 0 0 0 0 0 0 0 DMAR-MSI 1-edge dmar1
|
||||||
|
122: 0 0 0 0 0 0 0 0 IR-PCI-MSI 458752-edge PCIe PME, aerdrv, pcie-dpc
|
||||||
|
123: 0 0 0 0 0 0 0 0 IR-PCI-MSI 475136-edge PCIe PME, aerdrv, pcie-dpc
|
||||||
|
124: 0 0 0 0 0 0 0 0 IR-PCI-MSI 479232-edge PCIe PME, aerdrv, pcie-dpc
|
||||||
|
125: 0 0 0 0 0 0 0 0 IR-PCI-MSI 483328-edge PCIe PME, aerdrv, pcie-dpc
|
||||||
|
126: 0 0 51459 352076 0 649 28976 34018 IR-PCI-MSI 327680-edge xhci_hcd
|
||||||
|
127: 0 0 0 0 18 0 0 0 IR-PCI-MSI 1048576-edge rtsx_pci
|
||||||
|
128: 0 0 0 0 0 0 0 0 IR-PCI-MSI 2097152-edge enp4s0
|
||||||
|
129: 0 0 1 0 0 23 0 0 IR-PCI-MSI 3670016-edge nvme0q0
|
||||||
|
130: 92596 0 0 0 0 0 0 0 IR-PCI-MSI 3670017-edge nvme0q1
|
||||||
|
131: 0 100798 0 0 0 0 0 0 IR-PCI-MSI 3670018-edge nvme0q2
|
||||||
|
132: 0 0 107391 0 0 0 0 0 IR-PCI-MSI 3670019-edge nvme0q3
|
||||||
|
133: 0 0 0 85477 0 0 0 0 IR-PCI-MSI 3670020-edge nvme0q4
|
||||||
|
134: 0 0 0 0 95828 0 0 0 IR-PCI-MSI 3670021-edge nvme0q5
|
||||||
|
135: 0 0 0 0 0 99692 0 0 IR-PCI-MSI 3670022-edge nvme0q6
|
||||||
|
136: 0 0 0 0 0 0 104444 0 IR-PCI-MSI 3670023-edge nvme0q7
|
||||||
|
137: 0 0 0 0 0 0 0 120031 IR-PCI-MSI 3670024-edge nvme0q8
|
||||||
|
138: 0 0 0 0 0 0 39 0 IR-PCI-MSI 360448-edge mei_me
|
||||||
|
139: 0 0 0 0 290711 0 0 373 IR-PCI-MSI 2621440-edge iwlwifi: default queue
|
||||||
|
140: 20 0 0 2510 11 198 22236 28085 IR-PCI-MSI 2621441-edge iwlwifi: queue 1
|
||||||
|
141: 20 19 0 157 327 799 32399 10618 IR-PCI-MSI 2621442-edge iwlwifi: queue 2
|
||||||
|
142: 0 4 436 1082 51 0 3440 24154 IR-PCI-MSI 2621443-edge iwlwifi: queue 3
|
||||||
|
143: 0 2 48 192 141 0 1588 18347 IR-PCI-MSI 2621444-edge iwlwifi: queue 4
|
||||||
|
144: 0 0 0 0 0 33 0 0 IR-PCI-MSI 2621445-edge iwlwifi: exception
|
||||||
|
145: 239 0 0 2802 1189 2013330 0 0 IR-PCI-MSI 32768-edge i915
|
||||||
|
146: 0 0 0 0 0 0 1284 0 IR-PCI-MSI 514048-edge snd_hda_intel:card0
|
||||||
|
NMI: 149 143 145 142 143 139 140 141 Non-maskable interrupts
|
||||||
|
LOC: 6383454 4863549 4776568 4751939 4759557 5089009 4771801 4792773 Local timer interrupts
|
||||||
|
SPU: 0 0 0 0 0 0 0 0 Spurious interrupts
|
||||||
|
PMI: 149 143 145 142 143 139 140 141 Performance monitoring interrupts
|
||||||
|
IWI: 109 60 122 593 124 116678 143 141 IRQ work interrupts
|
||||||
|
RTR: 0 0 0 0 0 0 0 0 APIC ICR read retries
|
||||||
|
RES: 831889 591806 337069 234466 184234 163844 155223 145396 Rescheduling interrupts
|
||||||
|
CAL: 346314 338676 344120 343947 338531 338607 337458 336734 Function call interrupts
|
||||||
|
TLB: 525036 556143 544961 548351 551754 546683 547124 544654 TLB shootdowns
|
||||||
|
TRM: 42326 42326 42326 42326 42326 42326 42326 42326 Thermal event interrupts
|
||||||
|
THR: 0 0 0 0 0 0 0 0 Threshold APIC interrupts
|
||||||
|
DFR: 0 0 0 0 0 0 0 0 Deferred Error APIC interrupts
|
||||||
|
MCE: 0 0 0 0 0 0 0 0 Machine check exceptions
|
||||||
|
MCP: 81 82 82 82 82 82 82 82 Machine check polls
|
||||||
|
ERR: 0
|
||||||
|
MIS: 0
|
||||||
|
PIN: 0 0 0 0 0 0 0 0 Posted-interrupt notification event
|
||||||
|
NPI: 0 0 0 0 0 0 0 0 Nested posted-interrupt event
|
||||||
|
PIW: 0 0 0 0 0 0 0 0 Posted-interrupt wakeup event
|
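Review bot: the file pastes two complete /proc/interrupts dumps around "ping 12" but never says which counters moved or what that shows, so the reader has to diff them by hand. State the finding explicitly: IRQ 128 (enp4s0) stays at 0 on every CPU in both dumps, while the iwlwifi lines change (IRQ 139 on CPU4 goes from 289984 to 290711, and queues 1 to 4 also grow), so the ping traffic was handled by the wireless card. Unrelated counters (nvme0q*, i915, xhci_hcd, LOC) also grew in the same interval, so the comparison is not isolated to the ping. The ping itself was "interrupted after some time", which makes the deltas unrepeatable; record a fixed packet count (for example ping -c with a number) and the elapsed time so the increments can be related to the number of packets sent.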
2
12/3.txt
@ -0,0 +1,2 @@
|
|||||||
|
Nie znalazłem nigdzie w vBox tych opcji do ustalenia, zatem moim podejrzeniem jest to że nie da się tych opcji ustawić.
|
||||||
|
Jeśli się mylę to proszę o maila gdzie mógłbym to znaleźć bo naprawdę się starałem ale w żadnych ustawieniach tego nie było :<
|
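Review bot: both lines of 12/3.txt refer to "these options" without naming them, so the conclusion that they cannot be set in VirtualBox cannot be checked by anyone reading the file. List the exact option names the task asks for, the VirtualBox version, and which settings pages were inspected, and say whether only the GUI was searched or the VBoxManage command line as well.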
12
14/1.txt
@ -0,0 +1,12 @@
|
|||||||
|
Różnice między snort'em 2 a 3 załączam w pliku jpg (źródło: https://blog.snort.org/2020/08/snort-3-2-differences.html#:~:text=Snort%203.0%20is%20an%20updated,the%20final%20release%20is%20here.)
|
||||||
|
|
||||||
|
Różnice pomiędzy suricat'ą a snort'em są dobrze opisane tutaj: https://suricata.readthedocs.io/en/suricata-6.0.0/rules/differences-from-snort.html
|
||||||
|
I jest ich na tyle dużo, że szanując Pana czas nie będę ich wszystkich tu wklejał.
|
||||||
|
|
||||||
|
Z kilku artykułów jakie zdarzyło mi się przeczytać wynika że bardziej polecana jest suricata bo jest szybsza i bardziej wydajna,
|
||||||
|
ale nie jestem ekspertem więc załączę po prostu poniżej linki do artykułów i postów ludzi którzy bardziej ode mnie znają się na temacie
|
||||||
|
i ich zdanie znaczy więcej:
|
||||||
|
https://cybersecurity.att.com/blogs/security-essentials/open-source-intrusion-detection-tools-a-quick-overview (tu jest też więcej opcji, ale artykuł bardzo polecam)
|
||||||
|
https://tacticalflex.zendesk.com/hc/en-us/articles/360010678893-Snort-vs-Suricata
|
||||||
|
https://bricata.com/blog/snort-suricata-bro-ids/
|
||||||
|
https://www.reddit.com/r/PFSENSE/comments/kb45rs/snort_vs_suricata_what_is_your_experience_with/ (nie mogło zabraknąc reddit'a, przepraszam)
|
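Review bot: the Snort 2 versus Snort 3 comparison on the first line of 14/1.txt exists only as an attached jpg, which cannot be searched, diffed or reviewed in this repository; put the differences into the text file as a short list and keep the image as a supplement at most. The source URL on that line still carries a "#:~:text=..." text-fragment suffix from the browser, which should be trimmed to the plain article address. The statement that Suricata is recommended because it is faster and more efficient is backed only by a list of four links; note next to each link which claim it supports, and summarise at least the main Suricata versus Snort rule differences instead of deferring entirely to the suricata-6.0.0 documentation page.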
BIN
14/snort_2_vs_3.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 128 KiB |